CVE-2007-4033
Published: 27 July 2007
Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3.
From the Ubuntu Security Team
It was discovered that t1lib does not properly perform bounds checking which can result in a buffer overflow vulnerability. An attacker could send specially crafted input to applications linked against t1lib which could result in a DoS or arbitrary code execution.
Notes
| Author | Note |
|---|---|
| jdstrand | while tetex-bin and texlive-bin have embedded t1lib code, it's not used |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
t1lib Launchpad, Ubuntu, Debian |
dapper |
Released
(5.1.0-2ubuntu0.6.06.1)
|
| edgy |
Released
(5.1.0-2ubuntu0.6.10.1)
|
|
| feisty |
Released
(5.1.0-2ubuntu0.7.04.1)
|
|
| upstream |
Needs triage
|
|
|
tetex-bin Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(links to t1lib)
|
| edgy |
Not vulnerable
(links to t1lib)
|
|
| feisty |
Not vulnerable
(links to t1lib)
|
|
| gutsy |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
texlive-bin Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| edgy |
Not vulnerable
(links to t1lib)
|
|
| feisty |
Not vulnerable
(links to t1lib)
|
|
| gutsy |
Not vulnerable
(links to t1lib)
|
|
| upstream |
Needs triage
|